Identify theft tax refund fraud

A growing epidemic, part 2 of 2

May/June 2014

The opinions expressed in this article aren't necessarily those of the ACFE, its Board of Regents or employees. — ed.

The U.S. Internal Revenue Service calls the scam its No. 1 fraud. Identity thieves are using stolen personally identifiable information to file victims' tax returns and then receive their refunds. Here's how the IRS is protecting victims, pursuing the criminals and ways all of us can fight this scourge.

Victor Williams and Kenneth Faison had a good thing going. Williams, of Tampa, Fla., would steal personally identifiable information (PII) and use it to file tax returns in those individuals' names. He'd then send the fraudulently obtained tax refund checks to Faison, of Foley, Ala., who deposited and cashed them in northwest Florida and southern Alabama banks.

Faison had the perfect cover: He was pastor of a church. He actually used accounts in the name of the church to convert the checks. Once Faison had deposited the checks, he kept a percentage of the stolen funds for himself and transferred the remainder to Williams.

They also committed identity fraud to convert some of the checks. One time, they used PII they stole from a victim taxpayer to add that person as signatory to Faison's bank account so he could deposit a check.

Their schemes eventually caught up with them. Both pleaded guilty to one count of conspiracy to defraud the government, four counts of theft of public money and two counts of aggravated identity theft. On May 8, 2013, Williams was sentenced to 42 months in prison and Faison was sentenced to 24 months. They were also ordered to pay more than $220,000 in restitution.

As we wrote in part 1 of this article, the IRS ranked identity theft tax refund as its No. 1 scam last year. (See " IRS Releases the Dirty Dozen Tax Scams for 2013.") And tax identity thieves tend to be prolific and repetitive. They often use the same PII to repeatedly file for fraudulent tax returns. To protect individuals from being victimized again, the IRS began to issue an Identity Protection Personal Identification Number (IP PIN) to each tax refund victim during the 2011 tax-filing season. The IP PIN, which is designed to provide an extra layer of protection to victims' accounts, allows them to successfully e-file their returns in subsequent years and automatically rejects any additional fraudulent returns filed on their behalf by the criminals.

So, you've received the dreaded letter from the IRS that reads, "You filed more than one tax return or someone has already filed using your information" or "You have a balance due, refund offset or have had collection actions taken against you for a year you did not file a tax return, or IRS records indicate you received wages from an employer unknown to you." Or you feel that an identity thief could try to file your return because your PII has been stolen. What do you do?

First, read the " Taxpayer Guide to Identity Theft." Then, immediately report the suspected fraud to IRS.gov or call the IRS Identity Protection Specialized Unit at (800) 908-4490. You'll complete the Identity Theft Affidavit Form 14039 and be asked to provide evidence of who you are, such as your passport.

Once the IRS has received and processed the affidavits you'll be assigned an IP PIN, which "will help [the IRS] make sure any tax return … receive[d] with identifying information is really from you." (See " Understanding Your LTR4868CS Letter."). After that, the IRS will process your tax refund.

IRS FIGHTING IDENTITY THEFT TAX REFUND FRAUD

Investigative actions

The statistics in the chart not only reinforce the severity of this fraud but also report the successes of the ongoing investigations of the CI unit of the IRS. (The IRS cautions that because actions on a specific investigation might cross fiscal years, the data shown might not always represent the same universe of cases shown in other actions within the same fiscal year.

The trend in the data reflect the increased proactive actions of the IRS — the number of initiated investigations has grown more than 500 percent from 2011 through 2013, which has resulted in a similar increase in individuals sentenced. The average time served was between three and four years but, as shown in a number of cases analyzed below, some sentences far exceed these averages. Through Feb. 7, the IRS has completed 31 cases and numerous criminals have received long sentences. (See the IRS.gov release, " Examples of Identity Theft Schemes – Fiscal Year 2014.")

Other IRS actions

The IRS states that it has taken these additional steps to combat identity theft tax refund fraud:

Instituted processes for handling tax returns, constructed compliance filters to detect fraud and devised new initiatives to partner with stakeholders.

Accelerated case resolutions, provided more training for IRS employees who assist victims and stepped up outreach to and education of taxpayers so they can prevent and resolve tax-related identity theft issues quickly.

Constructed new identity theft screening filters to improve the ability to spot false returns before they're processed. Once a tax return is flagged, the IRS says it will correspond with the sender before further processing the tax return to make sure it has the correct taxpayer. (See the IRS topic, " Identity Protection.")

In late 2012, the IRS assigned more than 3,000 employees to work on detecting, preventing and prosecuting criminals for this scam and trained 35,000 additional employees to help educate taxpayers spot identity theft indicators and help victims to recover.

The IRS's CI unit is also partnering with other law enforcement agencies, including the FBI, to investigate and prosecute identity theft tax refund thieves. The success of these partnerships is evident. For example, the FBI reported on Oct. 25, 2013, that the agency and law enforcement partners — including the IRS and San Diego authorities — after a two-year investigation named 55 young visa holders from former Soviet-bloc countries who worked as foot soldiers for a Los Angeles-based crime ring. They were charged with involvement in four elaborate fraud schemes in a $7 million fraudulent identity theft tax refund scam. (See " Crime Ring Recruited Short-Term Visa Holders.")

More than 24 of these criminals remain at large, including one of the crime ring's main architects, Hovhannes Harutyunyan, 34, an Armenian whose last known address was in Burbank, Calif. [Contact the FBI at (858) 320-1800 or online at tips.fbi.gov if you have any information on any of these suspects.]

Here are the four primary fraud schemes in this case:

The crime ring, using stolen identities, filed about 2,000 fraudulent tax returns and then claimed more than $20 million in refunds. Students with J-1 visas obtained addresses and bank accounts to which the IRS sends the fraudulent refunds.

Conspirators set up bank accounts and began writing checks back and forth to create good transaction histories, which banks rewarded by shortening or eliminating holds on deposited checks. Then the so-called "seed" accounts wrote bad checks to 60 "bust out" accounts, which paid out more than $680,000.

Conspirators obtained PII of wealthy bank customers and disguised themselves as the account holders. They practiced forging documents and impersonating the account holders and obtained $551,842. They laundered the money by purchasing gold with the stolen funds.

Conspirators obtained pre-paid debit cards in the names of identity theft victims and opened bank accounts in the names of conspiring visa holders who sold their account information before leaving the U.S. They then filed more than 400 fraudulent tax returns to seek more than $3 million.

We analyzed the IRS' sample of 2013 identity theft tax refund fraud cases, and we determined that the fraudsters obtained the PII to commit their crimes via internal or external data breaches. The most recognizable types of data breaches included "internal theft of data by a current or former employee," "internal hacking or unauthorized intrusion of a network by a current or former employee" and "external theft by a non-employee with absolute or high probability of fraudulent intent."

We'll showcase cases from each of these three types of data breaches to illustrate how fraudsters obtained the victims' PII and how they received and converted the refunds. This will help explain why this type of fraud has become an epidemic and how the major driving factor is organizations' inadequate data protection policies.